CHEETAH NET SUPPLY CHAIN SERVICE INC. 10-K Cybersecurity GRC - 2024-03-18

Page last updated on April 11, 2024

CHEETAH NET SUPPLY CHAIN SERVICE INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-18 16:05:50 EDT.

Filings

10-K filed on 2024-03-18

CHEETAH NET SUPPLY CHAIN SERVICE INC. filed an 10-K at 2024-03-18 16:05:50 EDT
Accession Number: 0001410578-24-000224

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We recognize the importance of cybersecurity in our operations. We face diverse cybersecurity threats, ranging from unauthorized individual access attempts to sophisticated disruptions targeting our business and customer data. Our operations involve collecting and storing customer information in cloud systems, such as Google Drive, and we rely on third-party providers, such as Google, whose systems may encounter interruptions and/or cybersecurity incidents. Our business depends on the continuous functioning of our OA System, which tracks order status and monitors business workflows. The secure handling of information is crucial, particularly for tracking automobile orders. We have implemented various measures, such as access controls, data encryption, and vulnerability assessments, to prevent and mitigate cybersecurity risks and incidents. In particular, we have implemented a cybersecurity risk management program, in accordance with our risk profile and business size, which is designed to detect, identify, assess, and respond to current and emerging cybersecurity threats. We have developed a comprehensive, cross-functional approach to identifying, preventing, and mitigating cybersecurity threats and incidents, while also developing tools and processes that provide for the prompt escalation of certain cybersecurity incidents so that decisions regarding the public disclosure and reporting of such incidents can be made by management in a timely manner. Our cybersecurity risk management program is supported by third-party information technologies and vendors, including Squarespace and Google Workspace, which assist us with information technology system monitoring, detection, and response support services. We also leverage third-party information technology service providers to monitor and evaluate our cybersecurity posture through vulnerability scans, penetration tests, and cybersecurity risk reviews and assessments. We engage in the assessment and testing of our cybersecurity risk management program, policies, standards, processes, and practices that are designed to address cybersecurity threats and incidents. These efforts include a wide range of activities, assessments, vulnerability testing, and other exercises focused on evaluating the effectiveness of our cybersecurity measures and planning. We also have a process to review certain third-party information technology service providers and vendors, including through contractual requirements and proactive threat intelligence monitoring, as appropriate. However, cybersecurity incidents, if they occur, depending on their nature, could lead to the loss, destruction, or unavailability of critical and confidential data, impacting our operations and potentially harming our reputation. This could result in customer distrust, termination of partnerships, significant remediation costs, and legal liabilities. 16 Table of Contents As of the date of this annual report, we are not aware of any cybersecurity incidents, that have had a materially adverse effect on our operations, business, results of operations, or financial condition. Governance Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to the Nominating and Corporate Governance Committee (the Committee ) oversight of cybersecurity and other information technology risks. The Committee receives reports from management on potential cybersecurity risks and threats. Our management plays a key role in assessing and managing our material risks from cybersecurity threats, with designated positions and committees equipped with the necessary expertise. The management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel and threat intelligence and other information obtained from governmental, public, or private sources.

Company Information